Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Encryption Security Software Hardware Technology

Quantum Computers Pose a Security Threat That We're Still Totally Unprepared For (technologyreview.com) 193

An anonymous reader quotes a report from MIT Technology Review: The world relies on encryption to protect everything from credit card transactions to databases holding health records and other sensitive information. A new report from the U.S. National Academies of Sciences, Engineering, and Medicine says we need to speed up preparations for the time when super-powerful quantum computers can crack conventional cryptographic defenses. The experts who produced the report, which was released today, say widespread adoption of quantum-resistant cryptography "will be a long and difficult process" that "probably cannot be completed in less than 20 years." It's possible that highly capable quantum machines will appear before then, and if hackers get their hands on them, the result could be a security and privacy nightmare.

Today's cyberdefenses rely heavily on the fact that it would take even the most powerful classical supercomputers almost unimaginable amounts of time to unravel the cryptographic algorithms that protect our data, computer networks, and other digital systems. But computers that harness quantum bits, or qubits, promise to deliver exponential leaps in processing power that could break today's best encryption. The report cites an example of encryption that protects the process of swapping identical digital keys between two parties, who use them to decrypt secure messages sent to one another. A powerful quantum computer could crack RSA-1024, a popular algorithmic defense for this process, in less than a day.
The U.S., Israel and others are working to develop standards for quantum-proof cryptographic algorithms, but they may not be ready or widely adopted by the time quantum computers arrive.

"[I]t will take at least a couple of decades to get quantum-safe cryptography broadly in place," the report says in closing. "If that holds, we're going have to hope it somehow takes even longer before a powerful quantum computer ends up in a malicious hacker's hands."
This discussion has been archived. No new comments can be posted.

Quantum Computers Pose a Security Threat That We're Still Totally Unprepared For

Comments Filter:
  • Re: (Score:2, Interesting)

    Comment removed based on user account deletion
    • by goombah99 ( 560566 ) on Wednesday December 05, 2018 @11:25PM (#57757288)

      A few days ago one of the slashdot articles explained why quantum computers of a significant size will never be possible.

      Which is right?

      • by MrMr ( 219533 )
        In a few years we can claim we knew it all along. At least for one of the stories.
      • by Anonymous Coward

        Both... Thats the point

      • That is obvious: /. is right!!

      • The one that says it's not possible. However, "post-quantum" is a really hot buzzword, possibly even hotter than "blockchain" now that that one's burning out, so there's a lot of academic kudos and, once someone figures out how to commercialise it, money to be made peddling quantum crypto anything. The hype cycle tends to be 3-5 years before disillusionment, so we've got awhile to go yet.

        For my part, I predict we'll have fusion reactors and Mars colonies before we have quantum cryptanalysis, so there's pl

      • by jythie ( 914043 )
        For the moment, anyone who tries to tell you what will happen for certain is wrong. There is a lot of hype, and there is a lot of criticism, and for the moment the engineering simply is not done yet to see how feasible it actually is.
    • by jythie ( 914043 )
      And fusion! Or thorium? Or any number of free energy devices that the inventors just need a LITTLE more capital to finally get above 1:1.
  • by Anubis IV ( 1279820 ) on Wednesday December 05, 2018 @10:41PM (#57757104)

    You mean like every hostile or competing nation state?

  • "it will take at least a couple of decades to get quantum-safe cryptography broadly in place", I hope this will happen soon
    • Comment removed based on user account deletion
      • by gtall ( 79522 )

        Yep, this is the answer. We'll install SneakerNet along side our Electron Challenged Networks to distribute the one-time pads. Oh, and no sneaky allowing your one-time pads escape into the wild, keep them close to your body.

      • One time pads.. Totally safe against quantum computers.. There are ways of distributing those safely when your adversary is online.

        Oh yea, that key distribution problem is a bear you know... Maybe we can order one time pads from Amazon now? With prime shipping it will only take a day to get them.

        • In the future, you'll go down to the market and have a box of one-times along with your soylent bars, pocket fusion recharges, and totally-tuned porn drivers for your artificial mate.

          Until then, the quantum kids have spent billions and have bupkis+ to show for it, and acknowledge that even the algorithms are going to cost billions and billions, too. Quantum doesn't work like Von Neumann computing and so none of that tawdry PHP and node.js you learned is going to be useful. There are no libc-q's available.

          I

        • Comment removed based on user account deletion
    • by gweihir ( 88907 )

      I hope this will happen never. There is not need for it and changing things without need is just incredibly bad engineering because it always causes problems.

  • by CaptainDork ( 3678879 ) on Wednesday December 05, 2018 @11:09PM (#57757228)

    ... scary AI.

    I swim in the quantum theory waters and it's goddam near impossible to rake the jiggle out of one qubit. The temperature has to be at near-absolute zero and Heisenberg's Uncertainty Principle plus all of the laws of thermodynamics and the properties of quantum vacuum are working against us.

    As the qubit count increases, the randomness multiplies at an exponential rate. It's a nice dream, as is the theory of AI killing us all, but the hurdles are too great.

    In the spirit of, "never say never," a practical quantum computer is at least 100 years away.

    And here's the 411 on the encryption fear, anyway: A quantum computer that could instantly break today's encryption could just as quickly create encryption that is impossible to break.

    • And here's the 411 on the encryption fear, anyway: A quantum computer that could instantly break today's encryption could just as quickly create encryption that is impossible to break.

      The difference is the NSA, and other government agencies (in various countries) will be the only ones able to afford quantum computers.

      • Your point is well taken. Cost is a factor (ignoring the fact that QC can'y get that big). As the qubit count rises, the structure necessary to combat the three evils I listed gets to be enormous. We're talking LHC large, at least.

        "Nil Tl Son, do you see the large cold thing? Take it out."

      • The difference is the NSA, and other government agencies (in various countries) will be the only ones able to afford quantum computers.

        That's not clear at all. With our current level of technology, being able to build a useful general purpose quantum computer for any amount of money at all is outside of predictable reach. Perhaps some new technological breakthrough will make it more possible, but there's no particular reason to believe that breakthrough won't also bring it within reach of NGOs or even wealthy individuals.

        • Perhaps some new technological breakthrough will make it more possible, but there's no particular reason to believe that breakthrough won't also bring it within reach of NGOs or even wealthy individuals.

          The NSA, etc. are willing to pay billions for a QC that can crack RSA. Hell, they'd spend billions on a coinflip where "heads" got them that QC.That means they can sponsor research, build a giant infrastructure to keep it near absolute zero, and do other things that really are out of reach of NGOs or wealth

    • plus all of the laws of thermodynamics ... are working against us.
      Actually: no!

      Thermodynamics has nothing to do with quantum computers nor Heisenberg's Uncertainty Principle have anything to do with it ...

      • Care to expand and defend your remarks?

        • Sure,

          what is your question regarding steam engines (thermodynamics) and measurements of movement of small particles as in electrons and photons (aka Heisenberg)?

          Oh, you did not know that thermodynamics is about steam engines and heated gases and pressure and has nothing to do with "ordinary physics"? Yeah ... guessed that.

          • what is your question ...

            I don't have questions. I have answers.

            I'm sorry, but your knowledge of quantum and classical physics does not rise to the level where I can be of any help.

            Perhaps you could concentrate on the study of pregnant squirrels eating sandwiches.

            • If you mix up thermodynamics with quantum mechanics you obviously have no big physics education. Or you forgot everything :D But no worries, there are hardly any people on /. that grasp thermodynamics. I would wager 99% of all posts where it is mentioned are wrong about it.

              The hint with the squirrels is interesting ... perhaps I could get an easy PhD that way.

              • You're a lazy son of a bitch. [phys.org]

                Now in a new study, physicists have shown that quantum shortcuts are subject to a trade-off between speed and cost, so that the faster a quantum system evolves, the higher the energetic cost of implementing the shortcut. In accordance with the laws of thermodynamics, an infinitely fast speed would be impossible since it would require an infinite amount of energy.

                • In accordance with the laws of thermodynamics, an infinitely fast speed would be impossible since it would require an infinite amount of energy.
                  You see. Wrong again.
                  There is no law of thermodynamic saying anything about speed of anything.
                  https://en.wikipedia.org/wiki/... [wikipedia.org]

                  No idea why you want to argue abut stuff you have no clue about, or the author you cite has no clue about.

                  Infinite fast speeds, require being faster than light, wich means it violates general relativity theory, not thermodynamics. And yes: i

    • by gweihir ( 88907 )

      And that is just the thing: Mass-hype and mass-panic that completely ignore practical aspects. Here is news for these people: Practical aspects are what makes or breaks a technology.

      Incidentally, general AI has even less substance than QCs have, because there is not even a credible theory how they could work. In the few fields where we actually have theories (like automated deduction), the effort is so great that smart human beings can do things a universe-size computer could not. QCs seem to at least work

      • I enjoy reading posts by those who get it and have additional information to add. Thanks..

        To explain the problem of QC (which is quantum jitters) I can offer an analogy (I'm not clever enough to make it a car one, though):

        The speed of light, "c" is qualified by the value of "in a vacuum."

        A vacuum is defined as a space that has nothing. Zero. Zip shit. Nada. That knowing, with certainty, as agreed, violates the Uncertainty Principle.

        So, what's the deal with the fucking vacuum? It's a quantum vacuum. Some cal

    • by gtall ( 79522 )

      You are ignoring another Uncertainty Principle, that is the amount of money that can be squeezed out of funding agencies by getting their bloomers in a twist over quantum: Big Bad Quantum is coming, be very afraid, very scared, and very willing to allow us to save you for a small sum, although it might seem vast from your point of view....we here at Quantum Uncertainty Enterprises assure you it is not.

      • I agree. Plenty of revenue all around. Hype a disease; hype a cure.

        Laughter is the best medicine when opportunists abound.

  • Once the Bits are tampered with (observed) they change.
  • Just a way for otherwise useless academics to extract tax payer dollars from militaristic states.

  • I'm of the opinion that practical quantum computing is impossible (see link below for the argument). Start believing this too, and you will have one fewer things to be worried about!

    https://spectrum.ieee.org/comp... [ieee.org]

    • by gweihir ( 88907 )

      I agree. The whole thing is both useful idiots and "scientists" without ethics that want to profit from the hype a bit longer.
      The best supporting evidence for your citation is that QCs have almost not scaled at all in now something like 40 years of research.

      • by Megol ( 3135005 )

        I agree

        Yes but you are an idiot.

        . The whole thing is both useful idiots and "scientists" without ethics that want to profit from the hype a bit longer.

        If one want to profit and have no ethics there are easier ways. But again you are an idiot.

        The best supporting evidence for your citation is that QCs have almost not scaled at all in now something like 40 years of research.

        Going from proof of concept systems to something that can be used to solve small problems.
        Longer coherency times, more qubits and actually demonstrating that it works as predicted. No, nothing happening.
        Starting to look how to program a realistic future quantum computer - nothing.

        It's a hard problem to crack. But those that attempt to do it aren't idiots and know their stuff.

        • by gweihir ( 88907 )

          You seem to be completely unaware how a large part of the scientific establishment and the funding it gets works. The idiot here is you.

  • by Actually, I do RTFA ( 1058596 ) on Wednesday December 05, 2018 @11:43PM (#57757358)

    I thought elliptical curve cryptography was good enough?

    Also, it occurs to me they're concerned about a "20 year" timespan to get it widely deployed. Maybe a truly excellent algorithm just got patented, and they have to wait until it's unencumbered for it to spread?

    • by chrish ( 4714 )

      All currently-used public-key cryptography, including ECC, is vulnerable to attacks by quantum computers because the underlying hard math problems aren't hard for quantum algorithms.

      There's a technique for using elliptic curves to construct schemes that aren't vulnerable; supersingular isogeny Diffie-Hellman for example works like ECDH.

      Disclosure: I work for a company producing encryption code that's safe against attacks by quantum adversaries.

    • Since it was buried either as an AC response, or an AC response to an AC:

      EEC is vulnerable because "QCs can solve the abelian hidden subgroup problem, which ECC is within." However, RSA (and other prime factorization issues) are cracked by QCs using Shor's Algorithm. The same algorithm cannot be used on ECC.

  • The world relies on encryption to protect everything from credit card transactions to databases yet they keep getting hacked repeatedly so what's the point?
    • The world relies on encryption to protect everything from credit card transactions to databases yet they keep getting hacked repeatedly so what's the point?

      The point is to keep making it harder for the bad guys to succeed. It's an arms race.

      Of course, the good guys can turn into the bad guys, so be vigilant.

    • Getting hacked has usually nothing to do with encryption but with stupidity.

      E.g. if I call you and ask for your credit card number, would you encrypt it somehow over the phone call?
      Would you give it to me?

    • and? the encryption hasn't been hacked yet. just because many companies are incompetent doesn't make encryption broken. Just like if a house collapses it isn't the hammers fault.
  • Comment removed based on user account deletion
    • by GuB-42 ( 2483988 )

      OTP is private key / symmetric cryptography: you have to transfer the one time pad to the other party using a secure channel before you can communicate securely. That would be the equivalent of AES, and AES is still unbroken, even with a hypothetical quantum computer.
      The advantage of algorithms like AES over OTP is that OTP is very inconvenient. It needs a massive amount of true random data (using a PRNG would turn it into just another stream cipher), and all of it has to be transferred securely. That incon

      • Comment removed based on user account deletion
        • Comment removed based on user account deletion
        • by GuB-42 ( 2483988 )

          Yes, that's how you use OTP. The issues are:
          - You need a true RNG, i.e. specialized hardware (/dev/random may be ok). And these typically have a rather low bandwidth. That's fine for short message, less so for HD video.
          - You need to transfer a lot of data using your secure (e.g. physical) channel. As much random data as all the data you intend to send. It means that it can't be memorized or told, you need a physical support, like a USB stick for instance. There is quite a lot of work involved in order to tr

  • There are no QCs of sufficient size to even break amateur-crypto. Scaling is proving difficult enough that it is unclear whether it works at all. There is no threat here. No, really not.

  • There's a lot of cryptocurrency mining hardware being dumped & can be repurposed to solve Wikileaks Insurance Files encryptons. Pursuing this direction & not knowing when solves will happen will motivate govs & banks to correct themselves. And that is a Good Thing to do.

  • by sad_ ( 7868 ) on Thursday December 06, 2018 @06:55AM (#57758328) Homepage

    who cares, encryption will be broken by the time viable quantum computers are a reality anyway.
    australia is just the first domino to fall, soon other nations will follow and all encryption must be breakable by law.

  • by OneHundredAndTen ( 1523865 ) on Thursday December 06, 2018 @08:40AM (#57758798)
    Research on quantum computing is now over 35 years old, and it has been systematically hyped all along, while having very little to show for itself. Existing quantum computers have yet to solve anything that can't be solved by traditional computers far more cheaply, an at least as efficiently, for all practical purposes. The horizon for quantum computers capable of tackling non-trivial problems was ten years away ten years ago, and it still remains ten years away today. Finally, it is not even clear yet that the engineering associated with keeping qubits appropriately entangled for solving problems of interest can be developed, just we don't know whether the engineering associated with warp drives is attainable. True, practical quantum computers may be developed within the next ten years - but the may also never be developed - we don't know yet. At this point, I'd bet that we'll get practical controlled nuclear fusion before we get practical quantum computing - i.e. quantum computing that solves serious, non-Mickey Mouse problems.
  • widespread adoption of quantum-resistant cryptography "will be a long and difficult process"

    What other computer technology took 20 years to get widespread adoption? The last one I could think of was either the Internet itself or the WWW.

    Why would cryptography take so long?

    Or are we talking about getting quantum-resistant cryptography in our InternetOfThings devices? I'm screwed if someone's using that much resources to hack my car. It would probably be cheaper to hire a league of assassins to take me out.

  • TOO MANY SECRETS. Quantum computing will be code-breaking box off Sneakers.
  • SSL = corporations hand-jobbing each other ("signing") and claiming they are "trusted". By who? Each other? Gimme a break. Too many times people trust encryption only to be let down by it either being a shitty implementation that gets hacked or the algo itself gets broken (or more likely becomes "questionable" and in some grey area due to some asshole's "paper" on some esoteric part of the algo). Do I see the need for it in theory? Yes. I do understand why authorization and authentication processes as well
  • Is this /. or some news outlet for old fogies who don't understand computers? Isn't it already a standard security practice to only allow a few tries at a password before requiring a few minutes wait time til anyone can try again? No matter how fast an attacking computer is, its speed won't be an advantage if it can only attempt 3 tries every 15 or 20 minutes.

Keep up the good work! But please don't ask me to help.

Working...